Hi @AnandVyas , Thanks a lot for your suggestions! Here's the result I get : [root@svi bin]# ./openssl s_client -connect svi.local:443 -CAfile /home/viya/viya/config/etc/SASSecurityCertificateFramework/cacerts/trustedcerts.pem CONNECTED(00000003) depth=0 C = US, O = Self-Signed Certificate, CN = svi.local verify return:1 --- Certificate chain 0 s:/C=US/O=Self-Signed Certificate/CN=svi.local i:/C=US/O=Self-Signed Certificate/CN=svi.local --- Server certificate -----BEGIN CERTIFICATE----- MIIDsjCCApqgAwIBAgIIJTbscKjKqlQwDQYJKoZIhvcNAQELBQAwQzELMAkGA1UE BhMCVVMxIDAeBgNVBAoTF1NlbGYtU2lnbmVkIENlcnRpZmljYXRlMRIwEAYDVQQD EwlzdmkubG9jYWwwHhcNMTkxMjE4MDMxNzA2WhcNMjYxMjE4MDMzMjA2WjBDMQsw CQYDVQQGEwJVUzEgMB4GA1UEChMXU2VsZi1TaWduZWQgQ2VydGlmaWNhdGUxEjAQ BgNVBAMTCXN2aS5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMGNvgqmkxFCevL+jae6tZtJMcL2l9wlHTd2FaCyl6rEHZ8YDWPsf/mr2nVlcc/t 6QCmdhdW533iDTlxzgej7pT1irBxG2ob8XpK+MYDPPDDG55wOCabMu6tL0JQoDVQ ygKfWGrsJ/UgPOt6o2z7Nn+oeGS22f1w++NUIIUDgncDrm4neWlN319TfvCzqL1I 3mugPbhUowcSsoUZuw8oz4fSqb8pU7U/zSBIt3PL5NR7v4Lr9emArj9xk+o360pU 6cBQ//R9B05FtxnX+7796+JI7wedCoNKWwgAqJ+bFg0x1oXLYviQqCX/CzMizDdg ep21ME+APRziGd+PLyV9Xb0CAwEAAaOBqTCBpjAdBgNVHQ4EFgQURVyLI6JZta3q hWm5fWuZOOGmiV4wgYQGA1UdEQR9MHuCCXN2aS5sb2NhbIIJc3ZpLmxvY2Fsgglz dmkubG9jYWyCCXN2aS5sb2NhbIIDc3ZpggsqLnN2aS5sb2NhbIILKi5zdmkubG9j YWyCBSouc3Zpgglsb2NhbGhvc3SHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAGHBAq2 wN0wDQYJKoZIhvcNAQELBQADggEBAHh+cM/cdXwJsMbck7vPRkRBdLm3MTjcC6TG Lu6lcoQpWip8GR3LjIUi8dLnMN4a2pvknCoKmABk3O+tkY3Vkvel/iwTzzYSwBl/ 3eQuEYsyAD6LjbxLEk0VYHync5YVmj62zM3v6YweSWK68KNrf8fIZNQklkOKycXS Rdlvyx+IvKivybOq667HvsoZUWizC95Xcr2udr20KQylTGAORkI+7jG4meqlYWBd glvnRpSe9sYAK5uc1Hadsd1vm5FEikoQ5dLCwxDjBGuKS7/akI7rIYpTOj1gKTu/ W4MzIFkABa/MJvyGj1TOip2kjoawhoX+oqCqop9E7mr6M+DAirI= -----END CERTIFICATE----- subject=/C=US/O=Self-Signed Certificate/CN=svi.local issuer=/C=US/O=Self-Signed Certificate/CN=svi.local --- No client certificate CA names sent Server Temp Key: ECDH, prime256v1, 256 bits --- SSL handshake has read 1641 bytes and written 375 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: BE7ABAD54AAEF08BF04A04998793150F64CBC345FE58E05CDFC11B5843695BFE Session-ID-ctx: Master-Key: F1727AB92A4BE35AA765E6D0D17A37080569EE6D56F33DCD610AFDD9EDE47B8155AD6736158B74EBE9F417B6A8B802B6 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 51 a7 c7 7e 49 12 6e 97-43 1c b2 a1 1b 09 a7 f1 Q..~I.n.C....... 0010 - 2c af 04 21 c1 f0 f8 b8-11 1e 69 d1 30 76 1c c5 ,..!......i.0v.. 0020 - 93 a3 b4 66 94 47 26 c3-b5 5f 01 17 c6 c8 61 67 ...f.G&.._....ag 0030 - e2 55 23 dc 68 f6 44 66-39 6b f9 52 05 4d 2d 6d .U#.h.Df9k.R.M-m 0040 - be 48 5b 18 e4 43 0e aa-ea 63 63 bb 47 2f 1b 36 .H[..C...cc.G/.6 0050 - ac 25 5b a6 f5 e7 d2 0a-8f a2 6c da 49 77 31 ef .%[.......l.Iw1. 0060 - f8 62 45 f5 18 c4 b2 a5-d6 c8 61 b5 98 5c 3a d9 .bE.......a..\:. 0070 - fe f7 cf 9c 62 73 83 b5-46 4c 3a 30 13 bf 82 0d ....bs..FL:0.... 0080 - 59 b3 38 3f 16 83 49 c9-4a 71 39 1e bc 3d 1d 13 Y.8?..I.Jq9..=.. 0090 - fe 43 b6 ff 39 ac 8f 43-af 67 66 0b f6 ba be 77 .C..9..C.gf....w 00a0 - a7 aa d3 5e 21 58 c4 ea-4d 2e c3 c8 b6 ea bf 7c ...^!X..M......| 00b0 - e5 f1 4f 65 ae a7 0a 48-b9 4a d1 ef be ca 87 a6 ..Oe...H.J...... Start Time: 1576808860 Timeout : 300 (sec) Verify return code: 0 (ok) --- Here's another thing, the environment has two Java environments, one is java-1.8.0-openjdk-1.8.0.45-35.b13.el6.x86_64 installed by yum. Another is jdk-8u231-linux-x64.tar.gz downloaded straight from official website. I modified java parameters under vars.yml : # deployment and set the path to Java in sasenv_java_home. sas_install_java: false # User specific location of where Java resides on the host. # If not set, the deployment will use the Java defined on the host. # This is an optional setting. # Example: # sasenv_java_home: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.101-3.b13.el6_8.x86_64/jre sasenv_java_home: /home/java/javatgz/jdk1.8.0_231/jre I wonder if that has any effect to this situation. Should I change soft links for java under /usr/bin and /etc/alternatives? Also I've already emailed SAS TS with attachments of logs and yml files, still waiting for reply.
... View more